Guide to Creating a DigiCert Certificate Inventory in ServiceNow

Selva Arun · ‎10-12-2024

Introduction

In this article, I will outline the steps to create a DigiCert Certificate Inventory in ServiceNow. This inventory will help organizations manage their digital certificates effectively, ensuring security and compliance.

Prerequisites

Access to ServiceNow with appropriate permissions
DigiCert account credentials
Basic knowledge of ServiceNow and certificate management

Step 1: Create a Credential Alias for Digicert

Navigate to Credentials Alias from the Application Navigator:

Search for Digicert and open the record:

Click on New under the related items of credentials tab and create an entry by providing the CA Type as Digicert and API key.

Step 2: Create a Discovery Schedule

Navigate to Discovery Schedules:
- Click on new, Discover: Certificates.
Select Certificate Discovery Type:
- Choose CA Trust Discovery and link the newly created Credential alias.
MID Server Selection:
- Select the MID Server selection method: Auto Select or Specific MID Server.
Fill Out Necessary Fields:
- Complete any additional required fields.
Save the Schedule:
- Click Save.

Step 4: Add CA Patterns

Select the Serverless Execution Pattern Tab:
- Click on the Serverless Execution Pattern tab.
Create a New Pattern:
- Select New to add a DigiCert- Certificate Management as needed.
Enable Certificate Status Option:
- If you enable the Include cert status option, specify multiple certificate statuses by separating them with commas.
Submit the Pattern:
- Click Submit to finalize the process.

Add the newly created credential alias name in the credential Alias parameter to avoid the error below and save the record.

Step 5: Run the Discovery Schedule by clicking on Discover now.

Conclusion

Following these steps will help you set up a DigiCert Certificate Inventory in ServiceNow efficiently. Ensure that all entries are accurate to maintain effective certificate management.

For more info, please check: Run Certificate Discovery via Certificate Authority query (servicenow.com)

David_Casper · ‎02-07-2025

Thanks for this post!!! The SNOW documentation left out the part of adding the credential alias value under the Discovery Pattern Launcher Parameters.

Selva Arun · ‎02-07-2025

Thank you for your feedback, please mark this article as helpful if it has helped you in any ways.

Selva

SK Chand Basha · ‎02-08-2025

Very Helpful!!

Selva Arun · ‎02-09-2025

Thank you so much for your feedback.

If you believe the solution provided has adequately addressed your query, could you please **mark it as 'Helpful'**. This will help other community members who might have the same question find the answer more easily.

Thank you for your consideration.

Selva

Thomas Buecker · ‎08-07-2025

Hi,
is there a way to achieve it with ACC-V?
I can't find any documentation and the community post: https://www.servicenow.com/community/itom-forum/certificate-discovery-with-acc-v-agents/m-p/2895329 has also no answer

Kind Regards
Thomas

Christopher Hub · ‎08-07-2025

With ACC-V you could create a custom check that functions like the TLS port probe used in Discovery, but it feels like just using the TLS port probe itself might be a better approach. You wouldn't usually care about this for end user devices, which are a common use-case for ACC-V agents. If you are scanning on non-EUC devices, which use TLS certificates, then they need to be IP accessible to function. TLS certificate discovery doesn't actually require a credential since it's accessing an open port, so the benefit of using an agent to discover it is small comapred to the additional complexity. Do you have a specific reason for wanting to do this with ACC-V rather than Certificate Discovery?

SK Chand Basha · ‎08-08-2025

Hi @Thomas Buecker

In zurich release you will get TLS certificates from ACC.

Please find link below

https://www.servicenow.com/docs/bundle/zurich-release-notes/page/release-notes/it-operations-managem...